Configure Azure

Environment for
Hybrid Identity

Contents

Login to the Azure Management Portal......3

Deploy Hybrid Environment.......................4
Configuring Azure AD for Hybrid Identity. . .7
Terms of use.............................................17

Login to
the Azure
Manageme
nt Portal

Estimated time to complete lab is 30 minutes.

Overview
In this lab, you will configure your Microsoft Azure environment
for hybrid-identity for the Events sample.
NOTE: Your account must have account administrator
rights for this lab. Do not use on an Azure subscription
that is used for production usage.
Login
1 Launch a browser and navigate to
https://manage.windowsazure.com. Once prompted login
with your Microsoft Azure credentials.
Note: You may need to launch an "in-private" session in
your browser if you have multiple accounts.

After you enter your email, select whether this is a Microsoft

or Organization account.

Azure Data Services Training

Deploy
Hybrid
Environme
nt

Enter your password and login to the Azure management

portal.

If your Microsoft or Organization account is associated

with multiple subscriptions, ensure you are working in the
correct one for the course by clicking Subscriptions at the
top of the screen.

Install and Enable the Azure PowerShell Cmdlets

1. Launch a browser and navigate to
http://azure.microsoft.com. When the page loads, click the
Downloads link.

2. Scroll down to the install link for the Azure PowerShell

cmdlets.

3. Click the link and install the Microsoft Azure PowerShell

cmdlets.

Azure Data Services Training

4. Right click on the PowerShell ISE shortcut in the student

folder, select Run as administrator. If prompted for
elevation confirm yes.

In the console window that opens enter the following

command and press enter.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted

When prompted click YES

Execute Setup Script for Environment

1 Within PowerShell ISE click File -> Open and browse to the
student folder and open provision-env.ps1.
6

Press F5 or click the green play icon to execute the script.

When prompted enter the credentials for an administrator

or co-administrator account for your Azure subscription.

Select the subscription to use for the labs by entering the

number beside the subscription.

Azure Data Services Training

Select the region to use by pressing the number next to

region name.

If you have an existing storage account within the region, it will

show up in the list for use. If not, enter a unique name for a
storage account to have the script create it.
10 You should then see the following message and then the
script will copy a pre-configured VHD for Active Directory to
your storage account.

Configurin
g Azure AD
for Hybrid
Identity

Create the Azure AD Tenant

1 Within the Azure management portal click NEW

11 Then click: APP SERVICES, ACTIVE DIRECTORY,

DIRECTORY

12 Then click CUSTOM CREATE

Azure Data Services Training

13 For the new directory properties, enter a name for your

directory and a globally unique value for the domain name.
Then select your country and click the check mark to create
the directory.

Create a new Global Administrator

1 Click the new directorys name to open its properties.

14 Click USERS

15 Click ADD USER

16 Specify a name for the USER NAME. This is the account

you will use to access Microsoft Azure throughout the
course. Click the right arrow to continue.

Azure Data Services Training

17 Specify the FIRST NAME, LAST NAME, and DISPLAY

NAME and for the ROLE specify GLOBAL
ADMINISTRATOR. For GLOBAL ADMINISTRATORS you
are also required to specify an ALTERNATE EMAIL
ADDRESS. Click the right arrow to continue.

18 Click CREATE to generate the temporary password for the

user. Save the user name and password separately in
notepad or in written notes as it will be needed later.

19 Launch a browser (InPrivate) and navigate to

http://myapps.microsoft.com. Use the global admin
credentials to login.

Azure Data Services Training

20 Specify a password for the account that you will easily

remember.

Set the default directory for your Azure Subscription

1 At the top of the management portal click
SUBSCRIPTIONS and then MANAGE
subscriptions/directory towards the bottom of the drop
down.

21 Select the subscription and then select EDIT DIRECTORY

at the bottom of the page.

22 Change the associated directory for the new Azure AD

Directory and click the right arrow.

Azure Data Services Training

23 On the Confirm directory mapping page click the

checkmark to complete.

24 Allow the portal to reload.

25 When the portal has reloaded click Subscriptions at the
top of the page, then change the FILTER BY
DIRECTORY dropdown to the new directory created and
click APPLY.

Add a new co-administrator

1

If you are not on the SETTINGS page click SETTINGS in the

left navigation.

26 Click ADMINISTRATORS

27 Click ADD

28 Specify the EMAIL ADDRESS of the user previously

created. Click the checkmark button to confirm.

Azure Data Services Training

Enable Directory Integration

1 Within the Azure management portal
(https://manage.windowsazure.com) click on ACTIVE
DIRECTORY and then the name of directory you previously
created.

29 Towards the top of the management portal, click

DIRECTORY INTEGRATION.

30 Click the ACTIVATED button to enable directory

synchronization.

31 Click SAVE at the bottom of the portal.

Configure Directory Sync

1 Within the Azure management portal click on VIRTUAL
MACHINES Login to the server AD-DC.

Azure Data Services Training

32 Select the virtual machine by clicking the status to the

right.

33 At the bottom of the page click the connect button and

when prompted login with the following credentials.

User Name: fabrikam\demouser

Password: demo@pass1

34 Once logged in, double click the

MicrosoftAzureADConnectionTool icon on your desktop
to install AADSync.

35 Click the Install button to begin.

36 On the next screen, enter the credentials setup for your

Azure AD tenant. Then click Next.

Azure Data Services Training

37 Enter the following credentials for the on-premises domain

credential and click Add Forest. After verification click
Next.

User Name: fabrikam\demouser

Password: demo@pass1

38 Accept the default settings for user matching and click

Next.

Azure Data Services Training

39 Check Password synchronization and click Next.

40 Click Configure.

Azure Data Services Training

41 Click Finish to start directory synchronization.

2014 Microsoft Corporation. All rights reserved.

Terms of
use

By using this Hands-on Lab, you agree to the following terms:

The technology/functionality described in this Hands-on Lab is
provided by Microsoft Corporation in a sandbox testing
environment for purposes of obtaining your feedback and to
provide you with a learning experience. You may only use the
Hands-on Lab to evaluate such technology features and
functionality and provide feedback to Microsoft. You may not
use it for any other purpose. You may not modify, copy,
distribute, transmit, display, perform, reproduce, publish,
license, create derivative works from, transfer, or sell this
Hands-on Lab or any portion thereof.
COPYING OR REPRODUCTION OF THE HANDS-ON LAB (OR ANY
PORTION OF IT) TO ANY OTHER SERVER OR LOCATION FOR
FURTHER REPRODUCTION OR REDISTRIBUTION IS EXPRESSLY
PROHIBITED.
THIS HANDS-ONLAB PROVIDES CERTAIN SOFTWARE
TECHNOLOGY/PRODUCT FEATURES AND FUNCTIONALITY,
INCLUDING POTENTIAL NEW FEATURES AND CONCEPTS, IN A
SIMULATED ENVIRONMENT WITHOUT COMPLEX SET-UP OR
INSTALLATION FOR THE PURPOSE DESCRIBED ABOVE. THE
TECHNOLOGY/CONCEPTS REPRESENTED IN THIS HANDS-ON
LAB MAY NOT REPRESENT FULL FEATURE FUNCTIONALITY AND
MAY NOT WORK THE WAY A FINAL VERSION MAY WORK. WE
ALSO MAY NOT RELEASE A FINAL VERSION OF SUCH FEATURES
OR CONCEPTS. YOUR EXPERIENCE WITH USING SUCH
FEATURES AND FUNCITONALITY IN A PHYSICAL ENVIRONMENT
MAY ALSO BE DIFFERENT.
Azure Data Services Training

FEEDBACK. If you give feedback about the technology

features, functionality and/or concepts described in this Handson Lab to Microsoft, you give to Microsoft, without charge, the
right to use, share and commercialize your feedback in any
way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products,
technologies and services to use or interface with any specific
parts of a Microsoft software or service that includes the
feedback. You will not give feedback that is subject to a license
that requires Microsoft to license its software or documentation
to third parties because we include your feedback in them.
These rights survive this agreement.
MICROSOFT CORPORATION HEREBY DISCLAIMS ALL
WARRANTIES AND CONDITIONS WITH REGARD TO THE HANDSON LAB , INCLUDING ALL WARRANTIES AND CONDITIONS OF
MERCHANTABILITY, WHETHER EXPRESS, IMPLIED OR
STATUTORY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
NON-INFRINGEMENT. MICROSOFT DOES NOT MAKE ANY
ASSURANCES OR REPRESENTATIONS WITH REGARD TO THE
ACCURACY OF THE RESULTS, OUTPUT THAT DERIVES FROM USE
OF THE VIRTUAL LAB, OR SUITABILITY OF THE INFORMATION
CONTAINED IN THE VIRTUAL LAB FOR ANY PURPOSE.

DISCLAIMER
This lab contains only a portion of new features and
enhancements in Microsoft SQL Server 2014. Some of the
features might change in future releases of the product. In this
lab, you will learn about some, but not all, new features.

Azure Data Services Training